diff -ruBbdP cacti-0.8.6d-patched086e/data_input.php cacti-0.8.6d-patched086f/data_input.php
--- cacti-0.8.6d-patched086e/data_input.php 2005-06-30 23:22:01.000000000 -0400
+++ cacti-0.8.6d-patched086f/data_input.php 2005-06-30 23:16:48.000000000 -0400
@@ -76,7 +76,7 @@
 if (isset($_POST["save_component_data_input"])) {
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("id"));
+ input_validate_input_number(get_request_var_post("id"));
 /* ==================================================== */
 $save["id"] = $_POST["id"];
@@ -109,9 +109,9 @@
 }
 }elseif (isset($_POST["save_component_field"])) {
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("id"));
- input_validate_input_number(get_request_var("data_input_id"));
- input_validate_input_regex(get_request_var("input_output"), "^(in|out)$");
+ input_validate_input_number(get_request_var_post("id"));
+ input_validate_input_number(get_request_var_post("data_input_id"));
+ input_validate_input_regex(get_request_var_post("input_output"), "^(in|out)$");
 /* ==================================================== */
 $save["id"] = $_POST["id"];
diff -ruBbdP cacti-0.8.6d-patched086e/data_queries.php cacti-0.8.6d-patched086f/data_queries.php
--- cacti-0.8.6d-patched086e/data_queries.php 2005-06-30 23:22:01.000000000 -0400
+++ cacti-0.8.6d-patched086f/data_queries.php 2005-06-30 23:16:48.000000000 -0400
@@ -128,7 +128,7 @@
 }
 }elseif (isset($_POST["save_component_snmp_query_item"])) {
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("id"));
+ input_validate_input_number(get_request_var_post("id"));
 /* ==================================================== */
 $redirect_back = false;
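Review bot: The check and the use are still two separate reads in the hunk at line 76: `get_request_var_post("id")` is validated and thrown away, and `$save["id"] = $_POST["id"];` then reads the superglobal again. That split is what allowed the validated source and the used source to differ before this patch, and the new code does nothing to stop them drifting apart again. Reading the value once ties them together: `$id = get_request_var_post("id"); input_validate_input_number($id); $save["id"] = $id;`. The same pattern is visible in the `save_component_field` hunk at line 109 and in the data_queries.php, data_sources.php, host.php and user_admin.php hunks; the enclosing blocks continue outside each hunk.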
@@ -226,6 +226,7 @@
 /* ================= input validation ================= */
 input_validate_input_number(get_request_var("id"));
 input_validate_input_number(get_request_var("data_template_id"));
+ input_validate_input_number(get_request_var("snmp_query_graph_id"));
 /* ==================================================== */
 move_item_down("snmp_query_graph_rrd_sv", $_GET["id"], "data_template_id=" . $_GET["data_template_id"] . " and snmp_query_graph_id=" . $_GET["snmp_query_graph_id"] . " and field_name='" . $_GET["field_name"] . "'");
@@ -235,6 +236,7 @@
 /* ================= input validation ================= */
 input_validate_input_number(get_request_var("id"));
 input_validate_input_number(get_request_var("data_template_id"));
+ input_validate_input_number(get_request_var("snmp_query_graph_id"));
 /* ==================================================== */
 move_item_up("snmp_query_graph_rrd_sv", $_GET["id"], "data_template_id=" . $_GET["data_template_id"] . " and snmp_query_graph_id=" . $_GET["snmp_query_graph_id"] . " and field_name='" . $_GET["field_name"] . "'");
diff -ruBbdP cacti-0.8.6d-patched086e/data_sources.php cacti-0.8.6d-patched086f/data_sources.php
--- cacti-0.8.6d-patched086e/data_sources.php 2005-06-30 23:22:01.000000000 -0400
+++ cacti-0.8.6d-patched086f/data_sources.php 2005-06-30 23:16:48.000000000 -0400
@@ -98,8 +98,8 @@
 function form_save() {
 if ((isset($_POST["save_component_data_source_new"])) && (!empty($_POST["data_template_id"]))) {
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("host_id"));
- input_validate_input_number(get_request_var("data_template_id"));
+ input_validate_input_number(get_request_var_post("host_id"));
+ input_validate_input_number(get_request_var_post("data_template_id"));
 /* ==================================================== */
 $save["id"] = $_POST["local_data_id"];
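Review bot: `$_GET["field_name"]` is still concatenated into the quoted `field_name='...'` condition passed to `move_item_down()` with no validation, while the three numeric parameters beside it are now checked; the hunk at line 235 leaves the same gap before `move_item_up()`. A numeric check does not fit this parameter, so it needs either an allow-list pattern through the existing helper, for example `input_validate_input_regex(get_request_var("field_name"), "^[a-zA-Z0-9_]+$");`, or escaping where the condition string is built. The character set in that pattern is an assumption and has to be matched against the field names the application actually stores.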
@@ -121,7 +121,7 @@ if ((isset($_POST["save_component_data"])) && (!is_error_message())) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var("data_template_data_id")); + input_validate_input_number(get_request_var_post("data_template_data_id")); /* ==================================================== */ /* ok, first pull out all 'input' values so we know how much to save */ @@ -171,10 +171,10 @@ if (isset($_POST["save_component_data_source"])) { /* ================= input validation ================= */ - input_validate_input_number(get_request_var("local_data_id")); - input_validate_input_number(get_request_var("current_rrd")); - input_validate_input_number(get_request_var("data_template_id")); - input_validate_input_number(get_request_var("host_id")); + input_validate_input_number(get_request_var_post("local_data_id")); + input_validate_input_number(get_request_var_post("current_rrd")); + input_validate_input_number(get_request_var_post("data_template_id")); + input_validate_input_number(get_request_var_post("host_id")); /* ==================================================== */ $save1["id"] = $_POST["local_data_id"]; @@ -354,7 +354,7 @@ for ($i=0;($iGraph Items $header_label", "98%", $colors["header"], "3", "center", ""); /* by default, select the LAST DS chosen to make everyone's lives easier */ - if (!empty($_GET["local_graph_id"])) { - $default = db_fetch_row("select task_item_id from graph_templates_item where local_graph_id=" . $_GET["local_graph_id"] . " order by sequence DESC"); + if (!empty($_REQUEST["local_graph_id"])) { + $default = db_fetch_row("select task_item_id from graph_templates_item where local_graph_id=" . $_REQUEST["local_graph_id"] . " order by sequence DESC"); if (sizeof($default) > 0) { $struct_graph_item["task_item_id"]["default"] = $default["task_item_id"]; 
@@ -220,7 +220,7 @@ left join host on data_local.host_id=host.id where data_template_rrd.local_data_id=data_local.id and data_template_data.local_data_id=data_local.id - " . (((!empty($host_id)) || (!empty($_GET["host_id"]))) ? (!empty($host_id) ? " and data_local.host_id=$host_id" : " and data_local.host_id=" . $_GET["host_id"]) : "") . " + " . (((!empty($host_id)) || (!empty($_REQUEST["host_id"]))) ? (!empty($host_id) ? " and data_local.host_id=$host_id" : " and data_local.host_id=" . $_REQUEST["host_id"]) : "") . " order by name"; } @@ -242,7 +242,7 @@ ) ); - form_hidden_box("local_graph_id", $_GET["local_graph_id"], "0"); + form_hidden_box("local_graph_id", $_REQUEST["local_graph_id"], "0"); form_hidden_box("graph_template_item_id", (isset($template_item) ? $template_item["id"] : "0"), ""); form_hidden_box("local_graph_template_item_id", (isset($template_item) ? $template_item["local_graph_template_item_id"] : "0"), ""); form_hidden_box("graph_template_id", (isset($template_item) ? $template_item["graph_template_id"] : "0"), ""); @@ -252,5 +252,5 @@ html_end_box(); - form_save_button("graphs.php?action=graph_edit&id=" . $_GET["local_graph_id"]); + form_save_button("graphs.php?action=graph_edit&id=" . $_REQUEST["local_graph_id"]); } diff -ruBbdP cacti-0.8.6d-patched086e/graphs_new.php cacti-0.8.6d-patched086f/graphs_new.php --- cacti-0.8.6d-patched086e/graphs_new.php 2005-06-30 23:22:01.000000000 -0400 +++ cacti-0.8.6d-patched086f/graphs_new.php 2005-06-30 23:16:48.000000000 -0400 
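Review bot: `$_REQUEST["host_id"]` reaches the `data_local.host_id=` condition as a bare, unquoted value, and no validation call is visible in the hunk at line 220. Moving from `$_GET` to `$_REQUEST` also widens where the value can come from to POST data and, depending on the PHP configuration, cookies. Unless the enclosing function, which starts outside the hunk, already runs `input_validate_input_number(get_request_var_request("host_id"));`, that line should be added before the query string is built. The same applies to `$_REQUEST["local_graph_id"]`, which the hunks at lines 242 and 252 write into a hidden form field and into the `graphs.php?action=graph_edit&id=` URL.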
@@ -344,7 +344,7 @@
 global $colors;
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("host_id"));
+ input_validate_input_number(get_request_var_request("host_id"));
 /* ==================================================== */
 /* use the first host in the list as the default */
diff -ruBbdP cacti-0.8.6d-patched086e/host.php cacti-0.8.6d-patched086f/host.php
--- cacti-0.8.6d-patched086e/host.php 2005-06-30 23:22:01.000000000 -0400
+++ cacti-0.8.6d-patched086f/host.php 2005-06-30 23:16:48.000000000 -0400
@@ -97,9 +97,9 @@
 function form_save() {
 if ((!empty($_POST["add_dq_y"])) && (!empty($_POST["snmp_query_id"]))) {
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("id"));
- input_validate_input_number(get_request_var("snmp_query_id"));
- input_validate_input_number(get_request_var("reindex_method"));
+ input_validate_input_number(get_request_var_post("id"));
+ input_validate_input_number(get_request_var_post("snmp_query_id"));
+ input_validate_input_number(get_request_var_post("reindex_method"));
 /* ==================================================== */
 db_execute("replace into host_snmp_query (host_id,snmp_query_id,reindex_method) values (" . $_POST["id"] . "," . $_POST["snmp_query_id"] . "," . $_POST["reindex_method"] . ")");
@@ -113,8 +113,8 @@
 if ((!empty($_POST["add_gt_y"])) && (!empty($_POST["graph_template_id"]))) {
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("id"));
- input_validate_input_number(get_request_var("graph_template_id"));
+ input_validate_input_number(get_request_var_post("id"));
+ input_validate_input_number(get_request_var_post("graph_template_id"));
 /* ==================================================== */
 db_execute("replace into host_graph (host_id,graph_template_id) values (" . $_POST["id"] . "," . $_POST["graph_template_id"] . ")");
@@ -642,9 +642,9 @@
 global $colors, $device_actions;
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("host_template_id"));
- input_validate_input_number(get_request_var("page"));
- input_validate_input_number(get_request_var("host_status"));
+ input_validate_input_number(get_request_var_request("host_template_id"));
+ input_validate_input_number(get_request_var_request("page"));
+ input_validate_input_number(get_request_var_request("host_status"));
 /* ==================================================== */
 /* clean up search string */
diff -ruBbdP cacti-0.8.6d-patched086e/include/config.php cacti-0.8.6d-patched086f/include/config.php
--- cacti-0.8.6d-patched086e/include/config.php 2005-06-30 23:22:01.000000000 -0400
+++ cacti-0.8.6d-patched086f/include/config.php 2005-06-30 23:16:48.000000000 -0400
@@ -32,6 +32,20 @@
 $database_password = "cactiuser";
 /* ----- you probably do not need to change anything below this line ----- */
+
+/* Files that do not need http header information - Command line scripts */
+$no_http_header_files = array(
+ "poller.php",
+ "cmd.php",
+ "query_host_cpu.php",
+ "query_host_partitions.php",
+ "sql.php",
+ "ss_host_cpu.php",
+ "ss_host_disk.php",
+ "ss_sql.php"
+);
+
+$colors = array();
 $config = array();
 /* this should be auto-detected, set it manually if needed */
@@ -63,7 +77,7 @@
 $colors["form_alternate1"] = "F5F5F5";
 $colors["form_alternate2"] = "E5E5E5";
-if ((isset($no_http_headers) ? $no_http_headers : false) != true) {
+if ((!in_array(basename($_SERVER["PHP_SELF"]), $no_http_header_files, true)) && ($_SERVER["PHP_SELF"] != "")) {
 /* we don't want these pages cached */
 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
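Review bot: `basename($_SERVER["PHP_SELF"])` is not a reliable script name for the command-line exemption test in the config.php hunk at line 77. Under a web server `PHP_SELF` carries any extra path information from the request URL, so its last component can differ from the script that is actually running. `SCRIPT_NAME` leaves that extra path out, e.g. `basename($_SERVER["SCRIPT_NAME"])`, and where the listed scripts are run with the CLI binary a SAPI test such as `php_sapi_name() == "cli"` would separate command-line runs from web requests without a file-name list. What the block skips beyond the cache headers lies outside the hunk, so the effect of a wrong match cannot be judged from here.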
@@ -97,6 +111,31 @@
 }
 }
+/* emulate 'register_globals' = 'off' if turned on */
+if ((bool)ini_get("register_globals")) {
+ $not_unset = array("_GET", "_POST", "_COOKIE", "_SERVER", "_SESSION", "_ENV", "_FILES", "database_type", "database_default", "database_hostname", "database_username", "database_password", "config", "colors");
+
+ /* Not only will array_merge give a warning if a parameter is not an array, it will
+ * actually fail. So we check if HTTP_SESSION_VARS has been initialised. */
+ if (!isset($_SESSION)) {
+ $_SESSION = array();
+ }
+
+ /* Merge all into one extremely huge array; unset this later */
+ $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_SESSION, $_ENV, $_FILES);
+
+ unset($input["input"]);
+ unset($input["not_unset"]);
+
+ while (list($var,) = @each($input)) {
+ if (!in_array($var, $not_unset)) {
+ unset($$var);
+ }
+ }
+
+ unset($input);
+}
+
 /* display ALL errors */
 error_reporting(E_ALL);
diff -ruBbdP cacti-0.8.6d-patched086e/lib/html_utility.php cacti-0.8.6d-patched086f/lib/html_utility.php
--- cacti-0.8.6d-patched086e/lib/html_utility.php 2005-06-30 23:22:01.000000000 -0400
+++ cacti-0.8.6d-patched086f/lib/html_utility.php 2005-06-30 23:16:48.000000000 -0400
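Review bot: The keep-list `$not_unset` omits `no_http_header_files`, which this same patch defines earlier in config.php, so a request parameter of that name makes the loop unset the array; every variable config.php assigns before this block belongs on the list (whether anything reads the array after this point is not visible here). The loop also does not reject a request key named `GLOBALS` before `unset($$var)`, which on some PHP versions of that era could let request input interfere with the globals table itself; a guard ahead of the merge such as `if (isset($_REQUEST["GLOBALS"]) || isset($_FILES["GLOBALS"])) { die("Invalid request"); }` closes that. `in_array($var, $not_unset)` should also pass `true` as its third argument, as the header check in this file does, because `array_merge` renumbers numeric keys and a loose comparison of an integer against these strings is not dependable.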
@@ -126,14 +126,50 @@
 }
 }
-/* get_request_var - returns the current value of a PHP $_REQUEST variable, optionally
+/* get_request_var - returns the current value of a PHP $_GET variable, optionally
+ returning a default value if the request variable does not exist
+ @arg $name - the name of the request variable. this should be a valid key in the
+ $_GET array
+ @arg $default - the value to return if the specified name does not exist in the
+ $_GET array
+ @returns - the value of the request variable */
+function get_request_var($name, $default = "")
+{
+ if (isset($_GET[$name]))
+ {
+ return $_GET[$name];
+ } else
+ {
+ return $default;
+ }
+}
+
+/* get_request_var_post - returns the current value of a PHP $_POST variable, optionally
+ returning a default value if the request variable does not exist
+ @arg $name - the name of the request variable. this should be a valid key in the
+ $_POST array
+ @arg $default - the value to return if the specified name does not exist in the
+ $_POST array
+ @returns - the value of the request variable */
+function get_request_var_post($name, $default = "")
+{
+ if (isset($_POST[$name]))
+ {
+ return $_POST[$name];
+ } else
+ {
+ return $default;
+ }
+}
+
+/* get_request_var_request - returns the current value of a PHP $_POST variable, optionally
 returning a default value if the request variable does not exist
 @arg $name - the name of the request variable. this should be a valid key in the
 $_REQUEST array
 @arg $default - the value to return if the specified name does not exist in the
 $_REQUEST array
 @returns - the value of the request variable */
-function get_request_var($name, $default = "")
+function get_request_var_request($name, $default = "")
 {
 if (isset($_REQUEST[$name]))
 {
diff -ruBbdP cacti-0.8.6d-patched086e/user_admin.php cacti-0.8.6d-patched086f/user_admin.php
--- cacti-0.8.6d-patched086e/user_admin.php 2005-06-30 23:22:01.000000000 -0400
+++ cacti-0.8.6d-patched086f/user_admin.php 2005-06-30 23:16:48.000000000 -0400
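Review bot: The header comment added for `get_request_var_request` says it returns `a PHP $_POST variable`, but the body reads `$_REQUEST` and the `@arg` lines under it say `$_REQUEST`; its first line should read `returns the current value of a PHP $_REQUEST variable, optionally`. Separately, `get_request_var` keeps its name but now reads only `$_GET`, so any caller left unconverted that guards a `$_POST` value receives the default `""` instead of the submitted value. If `input_validate_input_number` accepts an empty string (its body is not on this page), such a caller passes validation without checking anything, so every remaining `get_request_var(` call should be compared with the superglobal that is used after it.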
@@ -90,7 +90,11 @@
 /* graph permissions */
 if ((isset($_POST["save_component_graph_perms"])) && (!is_error_message())) {
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("id"));
+ input_validate_input_number(get_request_var_post("id"));
+ input_validate_input_number(get_request_var_post("perm_graphs"));
+ input_validate_input_number(get_request_var_post("perm_trees"));
+ input_validate_input_number(get_request_var_post("perm_hosts"));
+ input_validate_input_number(get_request_var_post("perm_graph_templates"));
 /* ==================================================== */
 $add_button_clicked = false;
@@ -118,7 +122,7 @@
 /* user management save */
 if (isset($_POST["save_component_user"])) {
 /* ================= input validation ================= */
- input_validate_input_number(get_request_var("id"));
+ input_validate_input_number(get_request_var_post("id"));
 /* ==================================================== */
 if (($_POST["password"] == "") && ($_POST["password_confirm"] == "")) {